Abstract. We prove the syntactic soundness of classical tableaux with 
free variables and on-the-fly Skolemization. Soundness proofs are usually 
built from semantic arguments, and this is, to our knowledge, the first 
proof that appeals to syntactic means. We actually prove the soundness 
property with respect to cut-free sequent calculus. This requires great 
care because of the additional liberty in freshness checking allowed by 
the use of Skolem terms. In contrast to semantic soundness, we gain the 
possibility to state a cut elimination theorem for sequent calculus, under 
the proviso that completeness of the method holds. We believe that such 
techniques can be applied to tableaux in other logics as well. 


1 Introduction 

Tableaux methods form a successful sub-family of automated theorem proving, 
encompassing classical as well as modal logics. Their origin comes from Beth’s 
semantic considerations [3]. With Smullyan’s updated tree-based formalism [16], 
as well as Fitting’s subsequent treatment [11], there is a first separation between 
syntactic and semantic concerns. Both present a purely syntactic operational 
behavior of tableaux rules, justified by semantic soundness and completeness 
proofs. Proving these two properties by semantic arguments has stayed the norm 
and for good reasons: model-theoretic proofs are reasonably short, relatively 
elegant and straightforward. In comparison, syntactic proofs can be messy, as 
all translation details must be shown. 

There might be another reason. Translating ground tableaux proofs à la 
Smullyan to ground sequent calculus proofs is indeed trivial. If we allow free 
variables and Skolemization, we still have a straightforward translation to 
Antonsen and Waaler’s free-variable sequent calculus [17]. Thus, the relation between 
classical tableaux and sequent calculi has been relegated to folklore knowledge. 

Nonetheless, translating free variable tableaux with Skolemization to ground 
sequent calculus is not as simple a task: most of the trouble comes from the 
freshness conditions imposed on existential witnesses in sequents. Despite our 
efforts, we were not able to find any result on that matter. 


However, why would one want syntactic soundness over semantic soundness? 
At the proof-theoretical level, it provides a double-check of soundness. In 
practice, it does not add any power to tableaux heuristics. However, it presents some 
benefits, especially in the context of proof production and proof theory. 

Since it is not hard to encode ground sequent calculus rules into any proof 
assistant such as Coq, Isabelle or Dedukti [4], if we are able to reconstruct a 
ground sequent derivation from a free-variable Skolemized tableaux procedure, 
we will get (almost) free external verification tools. On the tableaux side, a 
syntactic soundness proof highlights where and how non-elementary speedups 
are achieved from the use of efficient δ-rules. Lastly, our long-term goal is to 
derive cut elimination theorems from tableaux completeness proofs, in extensions 
of first-order logic, and this requires syntactic, cut-free, soundness proofs. 


2 Free-Variable Tableaux 

The language is usual first-order logic with predicate and function symbols. Sets 
and multisets of formulas are denoted by capital Greek letters (Γ, Δ), while 
formulas are denoted by upper case letters A, B, C, D. We use the lower case 
letters f, g to denote function symbols and a, b, c, d for constants. Variables are 
denoted as x, y, z. We also use indexes or quotes when we need more symbols. 

We present tableaux as a refutation calculus with attached constraints via 
a global constraint store. This global store represents the necessary unification 
steps to be performed and satisfied in order to close the tableau. A constrained 
tableau is a pair T · C where T is a tableau and C a set of unification constraints. 

A branch can be closed when it carries two opposite unifiable formulas. 
Unifiable here means that the global store does not become inconsistent when 
adding the new unification constraints. A tableau is itself said to be closed when all its 
branches can be closed at once. In this case, all closing constraints are unifiable. 

This means that closing a first-order tableau can be seen as providing a unifier 
that simultaneously satisfies all the global constraints and the closing constraints 
of the open branches, or, equivalently, that does not induce any new constraint 
on the latter branches. The constraint store keeps the minimal requirements for 
such a unifier: they come from the early closure of some branches, discussed 
before. Of course, if this is done carelessly, we can come to a dead-end. 

We see constraints as a degree of liberty for tableaux. Ultimately, we just can 
decide not to generate constraints at all, until a global unifier can be found. The 
soundness proof of Section 4 promotes this point of view: it assumes a unifier 
and no constraints. 

The rules, presented in Figure 1 where the constraints are omitted if they 
are unchanged, are an extension of usual non-destructive free-variable tableaux 
calculi. Non-destructivity is strictly needed neither for soundness nor for 
completeness, but it eases some developments. 

Tableaux rules are usually divided into 4 sets: 2 sets decompose logical 
connectives (α, β), two act on quantifiers (δ, γ). We need only add the closure rule 
(⊙). If ∧, ∨, ⇒, ¬, ∀, ∃ are allowed, we have the following groups: 


α    A ∧ B, ¬(A ∨ B), ¬(A ⇒ B), ¬¬A

β    A ∨ B, A ⇒ B, ¬(A ∧ B)

δ    ∃x A, ¬(∀x A)

γ    ∀x A, ¬(∃x A)


The decomposition of formulas happens as follows: the tableaux method 
matches the active formula with one of the above categories, then applies the 
corresponding rule to it. Negated formulas are actually handled in two steps: the 
negation is pushed to the direct subformulas, transforming the active connective 
by De Morgan laws, then the decomposition of the connective is applied. 

In pure automated deduction mode, it is enough to keep only the current set 
of open branches, since the rules apply only on them. This is no longer the case if 
we are interested in exporting the proof in other formats [5]. Moreover, keeping 
track of previous steps can help us during proof search. 

For proof-theoretic purposes, it is convenient to record all the steps of the 
proof and to consider a tableau derivation as a tree rooted at the original multiset 
of formulas; tableau branches are nodes, internal if some rule has already been 
applied to them and external (leaves) otherwise; the leaves that are not closed are 
open, and they constitute the tableau properly speaking. Tableau rules primarily 
operate on those leaves, extending one of them at a time: rules are recorded as 
labels of inner nodes. Trees themselves enjoy a notion of branch, that we replace, 
to prevent confusion with tableaux branches, by the word path. 

Due to the non-destructive nature of the rules, the formulas on a path are 
collected at the leaves. Paths, as well as leaves/branches, will be identified as 
usual with trees, with sequences of 0 and 1. b.0 is the left child of a path b (or 
the unique child if there is no branching), and b.1 is its right child. 

[Figure 1, partially recovered from the extraction:

  closure (⊙)

  γ(x, A)                δ(x, A)
  ─────────── γ          ──────────────── δ
  A[x := X]              A[x := sko(args)]

  X fresh free variable

  Constraints (C) are omitted in α, β, γ, δ.]

Fig. 1: Tableau expansion and closure rules. 


α-rules and β-rules correspond to the standard ones as found in Smullyan’s 
textbook [16]. They all include negated formulas, as ¬ is a primitive connective, 
and not an operator transforming formulas into negation normal forms. 

Free variables are used in γ-rules as placeholders awaiting some satisfying term 
instantiation, usually given by closure. This has a direct effect on the treatment 
of existential quantifiers as we now must use Skolemization to get a suitable 
sound witness. 

The δ-rule shown is generic and produces a fresh Skolem symbol on-the-fly. 
This function symbol, here named sko, receives the free variables in A as 
arguments (args). The term is therefore guaranteed to be fresh. We use a standard 
inner Skolemization [14]: the arguments of the Skolem symbol are the free 
variables actually occurring in the Skolemized formula A. Inner Skolemization is 
more efficient than outer Skolemization in the sense that it uses only relevant 
(i.e. fewer) elements as arguments. Such on-the-fly Skolemization can also be 
replaced by a pre-inner-Skolemization of formulas (this is the δ⁺ rule of [2]), 
which would be even more efficient on some problems. We chose not to do so 
because we intend to extend this work to Deduction modulo [9], which does not 
behave well with pre-Skolemization, unless we switch to polarized Deduction 
modulo [8]. 

Finally, we also have chosen inner Skolemization over other forms of strong 
quantifier treatments [6, 12] [7] because it adds less noise (through technical 
difficulties) to the syntactic soundness proof of Section 4. 

All in all, inner Skolemization is a good tradeoff between efficiency and 
simplicity. It allows us to expose the techniques that allow us to show syntactic 
soundness, with the right degree of difficulty. 

Let us prove Smullyan’s drinker problem, ∃x(D(x) ⇒ ∀y D(y)), where D 
is a unary predicate. As usual with tableaux, we actually refute the negation 
¬(∃x(D(x) ⇒ ∀y D(y))). The full derivation is shown in Figure 2. 


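  ¬(∃x(D(x) ⇒ ∀y D(y)))
  ─────────────────────────────────────────────────────────────────────
  ¬(∃x(D(x) ⇒ ∀y D(y))), ¬(D(X) ⇒ ∀y D(y))
  ─────────────────────────────────────────────────────────────────────
  ¬(∃x(D(x) ⇒ ∀y D(y))), ¬(D(X) ⇒ ∀y D(y)), D(X), ¬∀y D(y)
  ─────────────────────────────────────────────────────────────────────
  ¬(∃x(D(x) ⇒ ∀y D(y))), ¬(D(X) ⇒ ∀y D(y)), D(X), ¬∀y D(y), ¬D(c)
  ─────────────────────────────────────────────────────────────────────
  ⊙ {X ≈ c}


Fig. 2: A proof of the drinker principle 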


3 Sequent Calculus 

This section presents the sequent calculus which will be used for the syntactic 
soundness proof for tableaux. This version is as close as possible to tableaux and 
equivalent to more usual sequent calculi. The important difference with tableaux 
is that, as in most sequent calculi³, we do not allow free variables nor Skolemization, 
which will be the major concern of Section 4. 

GS3⁴ (for Gentzen-Schütte) is a one-sided variant of Gentzen’s original LK 
sequent calculus. Contraction is implicit, built into each inference rule, both to 
stick to tableaux rules, and as a convenience for the proofs we will develop. In 
contrast, the weakening rule is explicit. The cut rule is absent, as we intend to go 
without it in the soundness proof. To underline the similarities with tableaux, we 
split the presentation of the rules along the α, β, γ, δ (Figure 3) classification for 
tableaux, except that we explicitly mention every case, which is more customary 
in sequent calculi. 

³ One exception is Waaler and Antonsen’s free-variable sequent calculus [17]. 

⁴ We follow Troelstra and Schwichtenberg’s classification and naming [15]. 


a group 

A, -.-id b ^ 

A,-i-nA,A b 
A,^A\- 

A, —<(A — > B), A, —<B b 
A,-*{A => B) b 

A, A A B, A, B b 


a,aab\- 

A,^(AV B),^A,->B b 
A, -i(T V B) b 

axiom rule 

A.A.^A b M 
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P group 

A, A B , ~ 1 A b 
A, A => B,B b 

dT^Bb 

d,n(AAB),-.d,b 
A^AB),-.B,b 
zA, -i(A A B) b 

z\,AvB,j4b 
A,A\/B,B b 
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d.dVBb 

structural group 

zA b 

-w 

zA,Tb 


S group 

A, 3x A(x),A(c) b 
A, 3x A[x) b 

A,-i\/x A(x),-iA(c) b 
Z\, -iVas A(x) b 

where c is a fresh constant 

7 group 

A, Sx A(x),-<A(t) b 
zA, -da; A(x) b 

A,\/x A(x),A(t) b 
zA, Va; A(x) b 

where t is any term 


Fig. 3: GS3 


4 Soundness Proof 

This section shows the following property: 

Theorem 1 (Soundness of tableaux w.r.t. GS3). Let Γ be a set of formulas. 
If there is a closed tableau rooted at Γ, with unifier σ, then the sequent σΓ ⊢ 
has a GS3 proof. 

We require a closed tableau proof, that is to say an entire tree (see Section 2) 
where all branches are closed and the constraints from the last generated 
constraint store (the last rule is closure) are satisfiable at once by some unifier σ. 
It also satisfies any intermediate constraint from this tableau proof as they all 
appear in the final store. 

The unifier σ can assign any term, including a free variable, to a given free 
variable. To make it ground, we extend it to σ' = κ ∘ σ, where κ maps the free 
variables from the range of σ to fresh constants. The unifier σ' subsumes σ. 

Given a closed tableau proof T rooted at Γ, with ground unifier σ, we call 
abusively the pair (T, σ) a closed tableau, which is ground and without 
constraint. We refer to tableaux without unifier as strict/valid tableaux. 

















4.1 Origin of the Problem 


The naive translation, that maps inductively each rule of T to the similar rule 
of GS3, does not work. Let us translate this way the tableau of Figure 2. 

The unifier is σ = {X := c}, and the corresponding GS3 pseudo-proof is the 
tableau proof simply turned upside down and instantiated, as shown in Figure 4 
where bookkeeping contractions have been elided. 


-n(3s(g(i) =» VyD(y))),^(D(c) =» VyD(y)), D(c), -VyD(y),^D(c) I 
^(3x(Zl(r) =» VyD(y))),^(D{c) =» VyD{y)), D{c), -HyD(y) h 
-i(3x{D{x) => VyD(y))), ^(D{c) =» VyD(y)) h 
~<{3x(D(x) => VyD(y))) h 


Fig. 4: Pseudo sequent derivation for the tableau of Figure 2 


The problem in the derivation of Figure 4 is that the ¬∀ rule (the counterpart 
of the δ rule) requires a fresh constant, and it cannot be c, as it was previously 
introduced by the first ¬∃ rule. In the tableau proof of Figure 2, freshness is 
innocently masked by the unknown value of X. 

The remedy, to show the drinker principle in GS3, is well-known: contract 
the goal formula, and use it once to get a fresh constant c with the ¬∀ rule, and 
a second time to generate the same constant c with the ¬∃ rule. 

This is a one-shot particular solution, and we provide below a general 
procedure to treat the problem: given any tableau proof, with a relaxed notion of 
freshness, we force the sequent rules to apply in the right order. 

4.2 Insight into the translation 

Lax freshness is sound for two reasons. First, free variable tableaux are 
semantically sound. Second, we syntactically know it is sound through the unifier σ. 
The unifiability of the constraints ensures that there is eventually no loop. We 
are in a way guaranteed that there is a right order for the instantiations. 

Practice is more subtle. Indeed, any (still naive) attempt to order all 
quantifiers of the tableau by a combination of subterm order and precedence in 
formula⁵, topologically sort them to unravel the tableau and get the right order for 
rules, fails. There is a theoretical argument: free-variable tableaux with 
on-the-fly Skolemization can be non-elementarily shorter [13, 1, 6] than sequent proofs, 
namely because of the relaxed notion of freshness, post-checked at unification 
time. This appears clearly in Figure 4: the two precedence constraints on the ¬∀ 
and ¬∃ rules are conflicting. 

⁵ Quantifier Qx would have priority over Qy if it is higher in the same formula or if 
the instance (by σ) of the metavariable/term introduced by Qy contains the Skolem 
term introduced by Qx. 








The proof of the drinker principle gives us a hint: duplication. This removes 
the above theoretical barrier, as the sequent proof now grows much bigger than 
the tableau proof. This also means we will make the translated sequent grow 
from the root to its axioms, ensuring at every step soundness (the open 
sequent proof is GS3-valid) and progress (one tableau rule has been considered). 

Let us translate the example to have a preview of what we will do. For the 
sake of readability, and in analogy with the next sections, we let Γ be the root 
formula ¬(∃x(D(x) ⇒ ∀y D(y))). Translating the first three rules is easy (see 
Figure 5a). Next, we face the problem discussed above and solve it in four steps: 

1. Save the current incomplete proof-tree. 

2. Clean the targeted open leaves: remove all formulas but Γ and the δ formula 
of interest. 

3. Apply the now legal δ rule, and clean more (Figure 5b). 

4. Graft the saved proof-tree 1 to the targeted open leaves (Figure 5c). In fact, 
make the grafts of step 3 grow following the saved proof-tree. Keep the 
Skolem formula as an additional side formula on the relevant branches (in 
our example: on the single grafted branch). 

After those steps, we are able to translate further the tableau, in our case, the 
sole axiom rule. 

Grafting a proof-tree with more than one open leaf multiplies the number of 
leaves of the tree. Translating a single tableau rule into several sequent rules is 
unavoidable, and both height and width grow. So, in general, a single tableau 
branch (resp. rule) corresponds to several sequent branches (resp. rules). The 
general mechanism is discussed in the next sections. 
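
The failure of Figure 4 and the four-step repair above can be replayed mechanically. The following Python checker is an added example, not code from the paper: it replays a linear GS3 derivation from the root sequent upward. The tuple encoding of formulas, the rule names (neg_ex, neg_imp, neg_all, weaken) and the reading of freshness as "the constant does not occur in the conclusion sequent" are assumptions of the example.

```python
# Added illustration, not from the paper: replay a linear GS3 derivation
# upward from its root sequent and enforce the delta-rule freshness check.
# Terms are plain strings; formulas are nested tuples (assumed encoding).

def Not(a): return ("not", a)
def Imp(a, b): return ("imp", a, b)
def Ex(v, a): return ("ex", v, a)
def All(v, a): return ("all", v, a)
def D(t): return ("D", t)

def subst(f, var, term):
    """Replace the free occurrences of `var` in formula `f` by `term`."""
    tag = f[0]
    if tag == "D":
        return D(term if f[1] == var else f[1])
    if tag == "not":
        return Not(subst(f[1], var, term))
    if tag == "imp":
        return Imp(subst(f[1], var, term), subst(f[2], var, term))
    if f[1] == var:                       # quantifier rebinding `var`
        return f
    return (tag, f[1], subst(f[2], var, term))

def symbols(f):
    """Every term symbol (constant or variable name) occurring in `f`."""
    tag = f[0]
    if tag == "D":
        return {f[1]}
    if tag == "imp":
        return symbols(f[1]) | symbols(f[2])
    return symbols(f[-1])                 # not, ex, all: recurse into the body

def is_neg(f, tag):
    return f[0] == "not" and f[1][0] == tag

def check(root, steps):
    """Return (closed, message) after replaying `steps` from sequent `root`."""
    seq = set(root)
    for i, (rule, main, arg) in enumerate(steps, 1):
        if rule == "weaken":                            # arg: formulas dropped upward
            seq -= set(arg)
        elif main not in seq:
            return False, f"step {i}: principal formula missing"
        elif rule == "neg_imp" and is_neg(main, "imp"):  # alpha group
            seq |= {main[1][1], Not(main[1][2])}
        elif rule == "neg_ex" and is_neg(main, "ex"):    # gamma group: any term
            seq.add(Not(subst(main[1][2], main[1][1], arg)))
        elif rule == "neg_all" and is_neg(main, "all"):  # delta group: fresh constant
            # Assumption: fresh means absent from the conclusion sequent.
            if any(arg in symbols(f) for f in seq):
                return False, f"step {i}: constant {arg} is not fresh"
            seq.add(Not(subst(main[1][2], main[1][1], arg)))
        else:
            return False, f"step {i}: rule {rule} does not apply"
    closed = any(Not(f) in seq for f in seq)            # axiom: A and not-A present
    return closed, "closed by axiom" if closed else "open leaf"

ALL_D = All("y", D("y"))
GOAL = Not(Ex("x", Imp(D("x"), ALL_D)))   # root formula, called Gamma in the text

def inst(t):
    return Not(Imp(D(t), ALL_D))

def figure4():
    """Naive translation of Figure 4, with sigma = {X := c}."""
    return check({GOAL}, [
        ("neg_ex", GOAL, "c"),
        ("neg_imp", inst("c"), None),
        ("neg_all", Not(ALL_D), "c"),             # c already occurs in the sequent
    ])

def figure5c():
    """Save, clean, apply delta, clean more, graft (the four steps above)."""
    return check({GOAL}, [
        ("neg_ex", GOAL, "c"),
        ("neg_imp", inst("c"), None),
        ("weaken", None, [inst("c"), D("c")]),    # keep Gamma and the delta formula
        ("neg_all", Not(ALL_D), "c"),             # c is fresh again
        ("weaken", None, [Not(ALL_D)]),           # leaf is now Gamma, not-D(c)
        ("neg_ex", GOAL, "c"),                    # graft the saved steps
        ("neg_imp", inst("c"), None),
    ])

if __name__ == "__main__":
    print(figure4())
    print(figure5c())
```

The second derivation is longer than the tableau of Figure 2 (seven sequent steps for four tableau rules), which is the growth in height that the text attributes to grafting.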

4.3 Initial Definitions and Lemmas 

We have already mentioned that the GS3 proof is not built by structural induc¬ 
tion. We thus need some additional definitions. 

Definition 1 (Initial part). Let T be a closed strict tableau rooted at Γ. An 
open tableau T_0 is said to be an initial part of T iff it is rooted at Γ and: 

— either T_0 is a leaf: 

• if the root of T is also a leaf (closed by hypothesis), T_0 is a closed leaf; 

• if the root of T is an internal node, T_0 is an open leaf. 

— or the rule applied at the root of T_0 is exactly the same as the rule applied 
at the root of T and the sub-tableau(x) of T_0 are initial parts of the 
corresponding sub-tableau(x) of T. 

We use the same terminology for GS3 proof-trees. 

Alternatively, if we consider a sequence of tableaux used to derive tableau T 
from its root Γ, then T_0 is an initial part of it if, and only if, there exists at least 
one such sequence where T_0 appears. 


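  Γ, ¬(D(c) ⇒ ∀y D(y)), D(c), ¬∀y D(y) ⊢
  ─────────────────────────────────────────
  Γ, ¬(D(c) ⇒ ∀y D(y)) ⊢
  ─────────────────────────────────────────
  Γ ⊢

(a) First 3 steps of the translation of Figure 2 

  Γ, ¬D(c) ⊢
  ─────────────────────────────────────────
  Γ, ¬∀y D(y), ¬D(c) ⊢
  ───────────────────────────────────────── ¬∀
  Γ, ¬∀y D(y) ⊢
  ─────────────────────────────────────────
  Γ, ¬(D(c) ⇒ ∀y D(y)), D(c), ¬∀y D(y) ⊢
  ─────────────────────────────────────────
  Γ, ¬(D(c) ⇒ ∀y D(y)) ⊢
  ─────────────────────────────────────────
  Γ ⊢

(b) Cleaning and applying the δ-rule 

  Γ, ¬D(c), ¬(D(c) ⇒ ∀y D(y)), D(c), ¬∀y D(y) ⊢
  ────────────────────────────────────────────────
  Γ, ¬D(c), ¬(D(c) ⇒ ∀y D(y)) ⊢
  ────────────────────────────────────────────────
  Γ, ¬D(c) ⊢
  ────────────────────────────────────────────────
  Γ, ¬∀y D(y), ¬D(c) ⊢
  ──────────────────────────────────────────────── ¬∀
  Γ, ¬∀y D(y) ⊢
  ────────────────────────────────────────────────
  Γ, ¬(D(c) ⇒ ∀y D(y)), D(c), ¬∀y D(y) ⊢
  ────────────────────────────────────────────────
  Γ, ¬(D(c) ⇒ ∀y D(y)) ⊢
  ────────────────────────────────────────────────
  Γ ⊢

(c) Graft and grow 


Fig. 5: Solving the drinker problem 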


An initial part T_0 of T shares the same root, nodes, sequents, branches, 
constraints, paths and rules as T up to the leaves of T_0. T_0 can also be thought 
of as a labeling of the nodes of T as “seen” and “unseen”. For instance, the tableau 
of Figure 5a is an initial part of the tableau of Figure 2. 

The following lemma shows that subsequent definitions are well-formed: 

Lemma 1. Let T_0 be an initial part of a closed strict tableau T, b an open leaf 
of T_0, and r the rule applied to the corresponding branch b on T. The extension 
of T_0 by the application of r on b is also an initial part of T. 

Our goal is to incrementally build a GS3 proof-tree by following the rules 
of T, given a closed (strict) tableau T with a ground unifier σ. In a sense, we 
replay the steps that were used to build T, get an initial part T_0, and maintain 
the invariant that the GS3 proof-tree maps to T_0. Note again that a single open 
branch of T_0 serves to extend several branches of the GS3 proof-tree at the same 
time. We first define the mapping: 

Definition 2 (Partial Link). Let π_0 be an open GS3 proof-tree rooted at Γ 
and let also s_1, …, s_n be its open leaves, containing respectively the sequents 
Γ_{s_1} ⊢, …, Γ_{s_n} ⊢. 

Let T_0 be an open strict tableau with open leaves b_1, …, b_m, respectively 
containing the sets of formulas Δ_{b_1}, …, Δ_{b_m}. Let σ be a unifier for T_0. 

π_0 is partially linked to (T_0, σ) if, and only if, there exists a partial mapping 
μ : {s_1, …, s_n} ↦ {b_1, …, b_m}, such that σΔ_{μ(s)} ⊆ Γ_s, when μ(s) is defined. 

We say that the leaf s (of π_0) is linked to the leaf μ(s) (of T_0), and that the 
formulas of Γ_s \ σΔ_{μ(s)} are the side formulas of s. 

This notion is readily extended to describe a partial link to a GS3 proof-tree. 
In this case, there is no need for a unifier. 

Notice that, when μ(s_i) = μ(s_j), nothing prevents the side formulas of s_i 
and s_j from being different. Γ_s is only required to contain the instances by σ of the 
formulas of Δ_{μ(s)}. 

Notice also that μ is not required to be injective or surjective. Non-injectivity 
accounts for the fact that a single tableau branch is reflected at more than one 
place on a GS3 proof-tree. Non-surjectivity of the mapping accounts for the 
fact that some branches of the original proof may not be reflected in π, in 
particular when π is bilinked (Definition 4 below). One can check that, in the 
proof of Theorem 3, the link to θ is not surjective, but the link to π is maintained 
surjective. 

We need the two following refinements over partial links: 

Definition 3 (Link). Let Γ be a set of formulas. Let π_0 be a proof-tree linked 
to a tableau (T_0, σ), and assume that: 

— π_0 and T_0 are both rooted at Γ, 

— and the mapping μ is total. 

Then π_0 is said to be linked to (T_0, σ). 

Definition 4 (Bilink). We say that π, with open leaves {s_1, …, s_n}, is bilinked 
to two GS3 proof-trees θ_0 and θ_1 if, and only if, it is partially linked to θ_0 and to 
θ_1, and the respective mappings μ_0 and μ_1 verify the disjointness and covering 
conditions: 

— Dom(μ_0) ∩ Dom(μ_1) = ∅ 

— Dom(μ_0) ∪ Dom(μ_1) = {s_1, …, s_n} 

Given a link μ between a GS3 open proof-tree π and an initial part of T, the 
intention is to apply to all the open leaves s ∈ μ^{-1}(b_j) the same rule as on b_j. 
This is formalized in the next definition: 

Definition 5 (Parallel extension). Let π_0 be a GS3 proof-tree, linked to (T_0, σ) 
with mapping μ_0, where T_0 is an initial part of a closed strict tableau T with 
unifier σ. Let T_1 be the extension of T_0 along T on some open leaf b with rule r. 

The open proof-tree π_1 of GS3 is called a parallel extension of π_0 along T_1 (by 
r) if it can be linked to (T_1, σ) such that the mapping μ_1 is equal to μ_0, except 
on the newly created leaves of π_1, in which case the new leaves are mapped to 
the corresponding premise leaf(s) of r in T_1. 


By abuse of language, this process is called the parallel extension of π along T. 
The equivalent notion can be defined for two (partially) linked GS3 proofs-terms 
and we will use the same terminology. 

In practice, π_1 is built out of π_0 by adding the inference rule r on the suitable 
leaves. Since this consumes exactly one rule of T, the process of parallel extension 
eventually stops and generates a GS3 proof-tree. This proof-tree is a sequent 
proof: all its leaves are closed because they are totally linked to leaves themselves 
closed. The main question is whether this is always possible. The example in 
Section 4.2 shows that it is not so simple. 

4.4 Parallel Extensions 

Now we are equipped to describe our algorithm and prove the following theorem: 

Theorem 2. Given any closed tableau T with unifier σ, any initial part T_0, and 
any GS3 proof-tree π_0 linked to (T_0, σ), it is possible to parallely extend π_0 along 
T. 

Proof. Let b be an open leaf of T_0, and r the rule applied to it in T. Let T_1 be 
the extension of T_0 along T on b with rule r. Consider the different cases for r: 

— r is an α-rule on a formula A: on each s_i ∈ μ_0^{-1}(b), σA is present on s_i by 
definition of linkedness; we apply r on it. We link this new proof-tree exactly 
as the old one, and let μ_1 be defined as: 

    μ_1(s_j) = μ_0(s_j)      for any s_j ∉ μ_0^{-1}(b) 
    μ_1(s_i.0) = μ_0(b).0    for any s_i ∈ μ_0^{-1}(b) 

Since both the tableau and the GS3 rules are non-destructive, the invariant 
σΔ_{μ(s)} ⊆ Γ_s is maintained. 

— r is a γ-rule: we do exactly the same. 

— r is a β-rule. We act similarly, except that we have two new open leaves in 
T_1, b.0 and b.1. As well, all the s_i open leaves of π_0 split into s_i.0 and s_i.1. 
The new linking function μ_1 is straightforward: 

    μ_1(s_j) = μ_0(s_j)      for any s_j ∉ μ_0^{-1}(b) 
    μ_1(s_i.0) = μ_0(b).0    for any s_i ∈ μ_0^{-1}(b) 
    μ_1(s_i.1) = μ_0(b).1    for any s_i ∈ μ_0^{-1}(b) 

— r is a δ-rule: this is entailed by Theorem 3 below. We postpone this case to 
the end of Section 4.5. 

— r is a closure rule: we apply the axiom rule on each s_i ∈ μ_0^{-1}(b). b is now 
a closed leaf of T_1, and accordingly the s_i are no more open. We thus need to 
restrict the domain of μ_0: μ_1 = μ_0|_I, where I = {s_j | μ_0(s_j) ≠ b}. □ 

Notice that the choice of the leaf b is not imposed. In order to optimize the 
translation, it is possible to define some heuristics to choose the branch. As well, 
for better performances, the heuristics may rearrange, on each path, the order 
of the rules but the theoretical barrier discussed above will still pop up at some 
point. This is why we do not insist on optimization here. 


4.5 Parallel δ-extensions 

A δ-extension is made possible by the following theorem: 

Theorem 3 (δ-theorem). Let (T, σ) be a closed tableau. Let Γ be its root 
formulas, ∃xD(x) be a formula of it, on which a δ-rule is applied, generating the 
Skolem term δ and the formula D_δ = D(δ). We consider the instances by σ 
of those term and formulas, and call them identically. 

Let θ be an (open) GS3 proof-tree composed only with formulas that appear 
in (T, σ) (as instances by σ of formulas of T), rooted at Γ and such that each leaf 
contains at least Γ. 

Assume that a set of leaves, denoted B, contains ∃xD(x). Let π_0 be an initial 
part of θ. 

Then it is possible to build a proof-tree π_1, rooted at Γ, that is bilinked to π_0 
and θ with mappings μ_{π_0} and μ_θ respectively, such that: 

— There is no s_1 such that μ_θ(s_1) ∈ B, i.e. the leaves of θ in B are 
“unreachable”. 

— for any leaf s_1 such that μ_{π_0}(s_1) is a prefix of a path b ∈ B (for short: 
μ_{π_0}(s_1) is a prefix of B), D_δ appears on this node as a side formula. 

— All other leaves s_1 of π_1 have the same formulas as μ_{π_0}(s_1), or as μ_θ(s_1). 

Proof. We build π_1 by induction on the pair (size of Skolem term δ, size of π_0). 

First of all, if π_0 has no rule, there is a tension between the imposed formulas 
at the root of π_0, Γ, and the leaves of π_1 linked to a prefix of B, that contain (at 
least) Γ, D_δ. That prevents π_1 from being π_0 itself. Indeed, we start with a manipulated 
clone of θ and we graft Γ, D_δ at the leaves B of θ, as follows: 

— We let π_1 be θ where, to all the leaves b ∈ B we have weakened to get Γ, ∃xD, 
applied the δ-rule to generate D_δ, and weakened once again on ∃xD. There is 
no freshness problem, since Γ does not contain any Skolem term or symbol. 
π_1 has the same leaves as θ, except for a new set of leaves, which we call 
B†. It is composed of the b† = b.0^{k_b}, where b ∈ B and k_b is the necessary 
number of 0 introduced by the δ-rule and the weakenings. The formulas of 
the leaves in B† are exactly Γ, D_δ. 

— We define the bilink in the following way: 

• μ_θ is the partial link from π_1 to θ defined on all the leaves b of π_1 that 
are not member of B†. It is merely the identity: 

    μ_θ(b) = b if b ∉ B† 

• μ_{π_0} is the partial link from π_1 to π_0 defined on B†. It is the constant ∅ 
function, since π_1 has no rule: 

    μ_{π_0}(b†) = ∅ if b† ∈ B† 

Otherwise, π_1 has at least one rule. Then, we consider any initial part π_0^0 
of π_0, that has one rule less and is still an initial part of θ. Let us call π_1^0 the 
proof-tree produced by the induction hypothesis, with mapping μ^0_{π_0} (resp. μ^0_θ) 
from π_1^0 to π_0^0 (resp. θ). 

To go from π_0^0 to π_0, a rule r is applied on leaf b. We have the following cases: 



— b is not a prefix of B: we simply copy the rule on each branch s_j of π_1^0 linked 
to b, i.e. such that μ^0_{π_0}(s_j) = b. The bilink is formed with an unchanged μ_θ. 
μ_{π_0} is straightforwardly defined from μ^0_{π_0} as in the proof of Theorem 2. 

— b is a prefix of B and r is an α-, β-, γ-rule: we simply copy the rule on each 
branch s_j of π_1^0 linked to b, let μ_θ unchanged and let μ_{π_0} be defined from 
μ^0_{π_0} as in the proof of Theorem 2. 

In the case of a branching β-rule, we weaken on D_δ on s_j.0 (resp. on s_j.1), if 
b.0 (resp. b.1) is no more a prefix of B. At least one of b.0 and b.1 is a prefix 
of B. 

— b is a prefix of B, r is a δ-rule and either the Skolem term ε is not comparable 
to δ for the subterm relation, or it contains δ as a subterm: in this case, we 
copy the rule as above, since the Skolem term is still fresh. 

— b is a prefix of B, r is a δ-rule and the Skolem term ε is exactly δ. Since only 
formulas of T, σ appear, the Skolem formula must be exactly D_δ, otherwise 
the term would be different. By induction hypothesis on π_1^0 and μ^0_{π_0}, b already 
contains D_δ as a side formula. π_1^0 has already the desired form and we let 
π_1 = π_1^0, μ_{π_0} = μ^0_{π_0} and μ_θ = μ^0_θ. 

— b is a prefix of B, r is a δ-rule and the Skolem term ε is a strict subterm of δ. 
Let E_ε be the Skolem formula and ∃yE the quantified formula. We cannot 
apply the δ-rule on ∃yE because ε is not fresh. As well, we cannot recover 
freshness by weakening on D_δ, since this loses the invariant. 

But, since ε is a strict subterm of δ, we can apply the induction hypothesis 
on π_1^0, on ε with the formula ∃yE, the set of leaves B_ε = (μ^0_{π_0})^{-1}(b) and with 
π_1^0 as an initial part of itself. 

We get a proof-tree, that we call (on purpose) π_1, along with a bilink μ^1, μ^2 
to π_1^0 and π_1^0. Let s be a branch of π_1. μ^2(s) ∉ B_ε, because “no μ^2(s) can be 
a prefix of B_ε”, and as we chose π_1^0 as an initial part of itself, being a prefix 
means being equal. Therefore, if s is linked to a prefix of B_ε, we must have 
μ^1(s) ∈ B_ε and s contains the formulas: 

• E_ε by the very hypothesis of Theorem 3 

• all the formulas of the corresponding branch of B_ε by the definition of a 
partial link, that is to say the formulas of the branch b, plus the formula 
D_δ since b is a prefix of B. 

Therefore all those branches contain the formulas of the branch b.0 of π_1, 
plus the side formula D_δ. 

We now proceed to the definition of the bilink of π_1 with π_0 and θ: 

• μ_{π_0}(s) = b.0 if μ^1(s) is defined and belongs to B_ε, otherwise said if 
μ^0_{π_0}(μ^1(s)) = b. 

• μ_{π_0}(s) = μ^0_{π_0}([μ^1 ∪ μ^2](s)) if μ^0_{π_0} is defined on [μ^1 ∪ μ^2](s) and different 
of b. The merge ∪ is well-defined because the bilink μ^1, μ^2 is disjoint. 

• μ_θ(s) = μ^0_θ([μ^1 ∪ μ^2](s)) otherwise, which is defined exactly when the 
two other cases fail. 

We indeed compose the partial link functions, except when it comes to the 
branch b. It is easy to see that it is a bilink (Definition 4). Moreover, let us 
check the conditions of the theorem: 


• no leaf s such that μ_θ(s) is defined is a prefix of B because this property 
holds for μ^0_θ. The leaves s linked to a prefix of B are either such that 
μ_{π_0}(s) = b.0 or such that μ_{π_0}(s) = μ^0_{π_0}([μ^1 ∪ μ^2](s)). 

• the leaves linked to a prefix of B have D_δ, and only D_δ, as a side formula. 
In the case μ_{π_0}(s) = μ^0_{π_0}([μ^1 ∪ μ^2](s)), this is true by hypothesis on μ^0_{π_0} 
(it adds exactly D_δ as a side formula) and on μ^1/μ^2, that preserve the 
formulas, since μ^1(s) does not belong to/is not a prefix of (which is the 
same here) B_ε. 

In the case μ_{π_0}(s) = b.0, this property has been checked above. 

• all other leaves have the same formulas as the branch they are linked to. 
This is an inductive property of the partial links μ^0_{π_0}, μ^0_θ, μ^1 and μ^2. 

As a remark, we can see that, if the partial links μ^1 and μ^0_{π_0} are surjective, 
then the partial link μ_{π_0} is also surjective. □ 

We conjecture that we can restrict ourselves, in Theorem 3, to the case of 
a single rule r that applies on all branches of π_0 that are a prefix of B. In this 
case, we can apply r on all the leaves that are mapped to a prefix of B at once, 
which saves us from investigating them one by one. 

Notice that considering a set of leaves B is essential to be able to apply the 
induction hypothesis twice. This need comes from the fact that we duplicate 
parts of the proof, and formulas and rules are duplicated: a single tableau rule 
can be applied several times, in parallel, in the corresponding sequent proof. 

We are now in a position to show the remaining case of Theorem 2 dealing 
with r when it is a $\delta$-rule: let S be the Skolem term, and Dg the Skolem formula, 
after instantiation by $\sigma$. We apply Theorem 3 to $\theta = \pi_0$, with $B = \mu_0^{-1}(b)$, and 
$\pi_0$ as an initial part of $\theta$. Due to the non-destructive nature of GS3, T appears 
on each leaf of $\theta$. We get a proof-tree $\pi_1$ bilinked to $\theta/\pi_0$, that is to say linked to 
$\pi_0$ by $\mu_1 = \mu_\theta \sqcup \mu_{\pi_0}$, where all the branches linked to B (equivalently such that 
$\mu_0(\mu_1(s)) = b$) contain Dg as a side formula. $\mu_1$ is a link because of the covering 
condition in Definition 4. 

Therefore, we have a link $\mu$ from $\pi_1$ to $(T_1, \sigma)$, defined by $\mu(s) = \mu_0(\mu_1(s))$ 
if $\mu_0(\mu_1(s)) \neq b$, and $\mu(s) = b.0$ otherwise. The parallel $\delta$-extension has succeeded as well. 

□ 

Lastly, to show Theorem 1, we need to strictly follow the GS3 rules, that is 
to say replace the Skolem terms by fresh constants on the proof-tree obtained 
by iterating Theorem 2. Since Skolem terms are now fresh, this boils down to 
replacing each Skolem term by a different constant. □ 


5 Related work and Conclusion 

The effect of using optimized versions of Skolemization has been well studied for 
tableaux methods on classical logic. 

The increased efficiency resulting from the use of optimized Skolemization 
in tableaux methods to handle existential quantifiers has seen a nice body of 
work. Baaz and Fermüller [1] show a more efficient $\delta^{*}$-rule, which offers 
non-elementary speedups in proofs. Even more efficient $\delta$-rules, in terms of 
potential speedups, are presented by Cantone and Nicolosi Asmundo [6] with the 
$\delta^{*}$ variant and by Giese and Ahrendt [12] with the Hilbert's symbol based $\delta^{\varepsilon}$ 
rule. All these enhanced Skolemization procedures are instances of Cantone's and 
Nicolosi Asmundo's theoretical framework [7]. These demonstrated speedups can 
be paralleled with the exponential explosion one might experience when 
syntactically reconstructing tableaux proofs as ground sequent derivations. 

The technique we use in this paper to show a syntactic soundness proof for 
first-order free variable classical tableaux with Skolemization consists in linking 
proof-trees to synchronize their simultaneous expansions. We are hopeful this 
can be extended to handle other $\delta$-variants. The need for grafting various 
subtrees during the construction of the sequent proof, to take into account the relative 
freshness of the Skolem terms, and the consequent growth in width and breadth 
confirm that, in the presence of free variables and Skolemization, tableaux proofs are 
necessarily shorter in a non-elementary way [1]. This process can indeed make 
the size of the sequent proof explode. Our proof also confirms that semantic 
arguments are shorter and often clearer, even though syntactic transformations 
are needed in the context of proof verification. 

It has to be noticed that (pre-) outer Skolemization or Skolemization after a 
prenex normal form transformation would considerably ease the soundness proof. Since 
tableaux then do not bear any $\delta$-rule, we could translate the proof directly into GS3, 
and apply the Skolem theorem (if $\forall x\, A(f(x)) \vdash$ then $\forall x \exists y\, A(y) \vdash$). In particular, the 
proof-tree does not grow, as there is no speedup in tableaux. 

Our result is not specific to sequent calculus; it also readily applies to turning 
free-variable tableaux with Skolemization into tableaux without free variables, 
and should generalize gently to other logics. In particular, our next goal is to lift 
this work to the context of deduction modulo [!)] , to de-Skolemize proofs, and 
obtain proofs checkable by tools such as Coq or Dedukti [ ]. 

The advantage of a syntactic transformation that avoids appealing to the 
cut rule, such as ours, is that it paves the way for a cut admissibility theorem. Indeed, 
from a sequent calculus proof with cuts, we would first get universal validity by 
(sequent) soundness, then derivability of a tableau proof by completeness, and 
next, a cut-free sequent-calculus proof by our method. Cut elimination has been known 
since the early days of logic for GS3; this is why switching to other calculi is 
interesting. In particular, in deduction modulo, cut elimination depends on the 
chosen rewrite system. 

We could also automate the transformation by writing a program, eventually 
certifying it in Coq, for instance through a certified programming environment 
such as FoCaLiZe [10]. 